CVE-2026-3587 - Vulnerability Analysis
CriticalCVSS: 10.0Last Updated: March 24, 2026
Linux-based Device - Privilege Escalation
Overview
A Linux-based device contains a privilege escalation caused by a hidden function in the CLI prompt, letting unauthenticated remote attackers gain root access, exploit requires remote access to the CLI.
Severity & Score
Impact
Unauthenticated remote attackers can gain root access, leading to full device compromise.
Mitigation
Update to the latest version with the fix applied.
Social Media Activity(1 post)
Critical Hidden Functionality Vulnerability in WAGO Industrial Managed Switches WAGO reports a critical CVSS 10.0 vulnerability (CVE-2026-3587) in its industrial managed switches that allows unauthenticated remote attackers to escape the CLI and gain full device control. The flaw affects numerous models used in critical infrastructure. **Make sure all WAGO managed switches (Lean and Industrial series) are isolated from the internet and accessible from trusted networks only. Then update the firmware to the latest "S1" patched versions if you can't patch immediately, disable SSH and Telnet so the command line is only reachable through a physical connection on the device itself.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-hidden-functionality-vulnerability-in-wago-industrial-managed-switches-z-2-4-s-8/gD2P6Ple2L
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2026-3587
- Severity
- Critical
- CVSS Score
- 10.0
- Type
- broken_access_control
- Status
- unconfirmed
- EPSS
- 11.9%
- Social Posts
- 1
CWE
- CWE-912
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H